ChatGPT Bug Exposed Some Subscribers' Payment Info

Investigation into a bug that exposed chat history titles reveals additional issues.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik
2 min read
ChatGPT logo displayed on a smartphone
Rafael Henrique/SOPA Images/LightRocket via Getty Images

OpenAI temporarily disabled ChatGPT earlier this week to fix a bug that allowed some people to see the titles of other users' chat history with the popular AI chatbot. In an update Friday, OpenAI said the bug may have also exposed some personal data of ChatGPT Plus subscribers, including payment information.

"Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window," OpenAI said in the update.

The bug, which has now been fixed, allowed some people to see another user's first and last name, email address, payment address, last four digits of a credit card number and credit card expiration date. Full credit card numbers were not exposed, OpenAI said. The company said it believes the number of people "whose data was actually revealed to someone else is extremely low."

In a tweet Wednesday, OpenAI CEO Sam Altman said a significant issue in ChatGPT was the result of a "bug in an open source library." On Friday, the company said the "bug was discovered in the Redis client open-source library" that OpenAI uses to cache user information in its server. 

While it's unclear the exact number of people impacted, it's a reminder to be cautious when using ChatGPT and other new AI tools, many of which are still in beta or testing phases. OpenAI on Friday said it has notified affected users that their payment information may have been exposed. 

OpenAI released ChatGPT late last year, and by January, the service was estimated to have reached 100 million active users. It's been followed by a surge in new AI tools and services from companies including Microsoft, Google and Adobe

The ChatGPT bug gained notice earlier this week after OpenAI confirmed to Bloomberg that some people saw the titles from other people's chat history instead of their own. However, the "substance of the other users' conversations was not visible," according to Bloomberg. When someone is using ChatGPT, a chat history with the service shows up along the left-hand side of the website, letting people continue past conversations.

Editors' note: CNET is using an AI engine to create some personal finance explainers that are edited and fact-checked by our editors. For more, see this post.